Today's XKCD, "Password Strength," neatly illustrates the research from this paper (PDF) by Philip Inglesant and M. Angela Sasse from University College London, with the ironic conclusion that we've trained our users to use passwords that computers can easily guess and humans can't possibly remember.